[talk] Using separate users for different programs

Thomas Levine _ at thomaslevine.com
Thu Mar 1 12:55:58 EST 2018

Thomas Levine writes:
> Then I suppose I will write my own.
> Maybe I'll report in a few months if I wind up using it.
> https://thomaslevine.com/scm/subdo

I surprisingly find myself using it after just a few days. I have
already ported the most worrysome of the softwares that I use often,
and the ports have all been very short.

I see no future talks scheduled; would anyone like to hear about this
in April?

John C. Vernaleo, Ph.D. writes:
> Sounds like you are about halfway to the solution Qubes OS uses where you
> have seperate VMs for differrent tasks.

I have long held the view that file modes, environment variables, users,
and groups provide more than enough separation for almost all situations
where people presently tend to use virtual machines.

There is also a practical issue: I am unwilling to sacrifice usability
for security, and since OpenBSD is the easiest operating system I have
ever used, Qubes suffers from the very significant disadvantage of not
being OpenBSD.

But the paradigms are indeed quite similar in concept.

